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REMARKS 

New claiins 27-30 have been added and are supported by the 
specification: 

"The security client puts the request in a memory location 
accessible to the security server (1610) and signals that it has 
done so. A "security daemon" in the first partition (1614) 
recognizes the signal and starts a ''proxy" client (1616) in the 
first partition (1614) . The proxy (1616) client calls the 
security server with the request using the interface native to 
the security server (1601) . (page 36 lines 9-21) . The applicant 
respectfully submits that new claims 27-3 0 are allowable, which 
allowance is respectfully requested. 

In paragraph 2 of the office action, the examiner rejects 
claims 5, 12 and 18 under 35 U.S.C. 112, second paragraph for 
reciting "the proxy client" without proper antecedent basis., The 
applicant has amended the claims to depend on claims 2, 9 and 15 
respectively that introduce "the proxy client" limitation. 

In paragraph 4 of the office action, the examiner objects to 
the drawings for failing to include reference characters lOlB, 
102B, 102A, lOlA (page 15 line 20-31); 200, 201A1 (page 17 line 
5); 300 (page 19 line 5). The draw ings have been amended 
accordijiglY_;____ 

In paragraph 5 of the office action, the examiner objects to 
drawings FIG. 2, FIG. 3, FIG. 4, FIG. 7, FIG. 8, FIG 15 and FIG. 
16 because they include reference characters not mentioned in the 
description. As to FIG. 2, the reference to 200A2 and 200A1 have 
been amended in the specification (page 17, line 5) included 
herewith. The applicant has amended the drawings accordingly. The 
applicant submits that the drawings as amended are allowable, 
which allowance is respectfully requested. 
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In paragraph 7 of the office action the examiner rejects 
claims 1-26 under 35 U.S,C. 103(a) as being unpatentable over 
Kung (US 5,241,594) in view of Drogichen et al (US 5,931,938). 

The examiner says that Kung is silent on "the processing 
system being a partitioned processing system having a first 
partition which includes a common security server and a second 
partition which includes a security client and for transmitting a 
first response (to) the request for authorization from the common 
security server in the first partition to the security client in 
the second partition said transmission of one of said request or 
said first response between partitions being by way of main 
storage," The examiner says Drogichen discloses a partitioned 
processing system consisting of independent systems and 
communication between the partitions by way of main storage (col 
1, In 50-55 and col 3 In 45-50) . The examiner says it would have 
been obvious to one of ordinary skill in the art at the time of 
the applicant's invention to further incorporate the partitioning 
of a processing system of Drogichen within the system of Kung 
because it would have provided a means of processing secure user 
authorization by a stable means wherein errors caused by one 
process does not effect other process (see Drogichen, col 1 In 
45-62). The applicant disagrees. The examiner cites motivation to 
combine the references as motive to combine Drogichen into Kung 
because of Drogichen' s reducing the probability of errors of one 
process effecting another. The cited reference is discussing an 
improvement in isolating domains so they use separate hardware as 
opposed, we assume, to a system such as the IBM mainframe, 
wherein the system can be partitioned into partitions that share 
resources. Kung already has separate computing systems so the 
advantage cited as motivation to combine is not there since 
individual computing systems share no hardware wherein the system 
of Drogichen shares memory and even exports memory between 
partitions, thus having a common hardware point of failure mode 
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that is not present in Kung. Such a motivation would teach away 
from combining the references. This is particularly true wherein 
the function involved pertains to security and Drogichen exposes 
the two partitions to common fault modes. 

Furthermore, the system of Kung permits a user workstation 
to negotiate with the multiple logon server directly. The 
examiners citation of Kung would indicate that the Kung 
workstation would be equivalent to a first partition of the 
invention and the multiple logon server of Kung would be 
equivalent to a second partition of the invention. The applicant 
fails to understand how Kung or Drogichen would go about 
employing a workstation function in a partition of a server. 

Furthermore, while Drogichen implies a shared memory between 
domains, it does not enable the use of shared memory for 
applications of the present invention. According to the present 
invention, as shown in the specification: "The security client 
puts the request in a memory location accessible to the security 
server (1610) and signals that it has done so. A ''security 
daemon" in the first partition (1614) recognizes the signal and 
starts a "proxy" client (1616) in the first partition (1614) . 
The proxy (1616) client calls the security server with the 
request using the interface native to the security server (1601) . 
(page 3 6 lines 9-21) 

The security server (1601) processes the request and returns 
the servers response to the proxy client (1616) . The proxy 
client puts the security server's response in memory accessible 
to the security client in the second partition and signals that 
it has done so. The signal wakes up the security client (1603) 
pointing to the authorization." (page 36 lines 9-21). A mention 
in Drogichen of shareable memory cannot be construed to teach any 
use of sharing memory as taught by the present invention. 
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Therefore, the applicant submits that the claims 1, 8, 14 
and 20 are in condition for allowance, which allowance is 
respectfully requested. 

The examiner says "as per claims 3, 10, 16 and 22, 
Kung-Drogichen" includes use of main storage shared between 
partitions. The applicant disagrees. The reference of Drogichen 
indicates that "clusters allow multiple domains to share a common 
range of memory addresses, for rapid data transfer" and "certain 
domains need high bandwidth communications with each other by 
sharing one or more segments of their individually addressable 
memory" , Drogichen does not express or imply any specific use of 
the shared memory as shown in the claims. Neither Drogichen nor 
Kung express or imply providing an inter-application memory to 
memory communication between partitions to perform a function 
already performed by traditional I/O device/driver interfaces. In 
fact, Drogichen teaches away from the use of shared memory for 
traditional domain to domain I/O communication "The processors, 
memory, and I/O of a domain act as a single unified computing 
system" (col 2 lines 39-41) and "Software isolation means that no 
software running in one domain can affect software running in 
another domain. . . This requires that each domain have its own 
physical processors, memory units, and I/O adapters not shared 
with those of other domains." (col 3, lines 4-8). Therefore the 
claims 3, 10, 16 and 22 are allowable, which allowance is 
respectfully requested. 

The examiner says as per claims 4, 11, 17 and 23, Drogichen 
discloses a memory to memory data mover (col 6, In 2-31 and col 7 
In 52-59). The Drogichen reference is to a router directing 
memory access to memory. According (for example) to the present 
application a data mover is an adapter for moving data between 
partitions : 

"The IBM S/390 Gbit Ethernet (Asynchronous Coprocessor Data 
Mover Method and Means, U.S. Patent No. 5442802, issued August 
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15,1995 and assigned to IBM) I/O adapter can be used to move data 
from one partition's kernel memory to another, but the data is 
moved from the first kernel memory to a queue buffer on the 
adapter and then transferred to a second queue buffer on the 
adapter before being transferred to a second kernel memory. " 
(page 6 first paragraph). Drogichen's router is not a data mover 
of the claims, therefore claims 4, 11, 17 and 23 are in condition 
for allowance, which allowance is respectfully requested. 

The examiner says claims 2, 5, 9, 12, 15, 18, 21 and 24 are 
taught by Kung-Drogichen in combination with Hu. That Hu teaches 

"bl) signaling by the security client running in the second 
partition, a first program running in the first partition to 
start a proxy client in the first partition; and, 

b2) transmitting the request from the proxy client to the 
security server in the first partition." The applicant disagrees. 

There is no motivation to combine Hu as Hu is directed to a 
Proxy server gateway, which proxy server handles authorization 
for the host system to which it is a proxy. Kung-Drogichen, if 
combined would already provide such authorization for multiple 
hosts. Furthermore, the combination is silent on a security 
client starting any sort of client in another partition. Hu's 
proxy server of a gateway system is not started by any request. 
It is always there. Furthermore, the proxy server in Hu is 
separate from the authentication process. Therefore, the claims 
2, 5, 9, 12, 15, 18, 21 and 24 are allowable, which allowance is 
respectfully requested. 

As claims 2-7, 9-13, 15-19 and 21-26 depend on allowable 
claims 1, 8, 14 and 20, they are also allowable, which allowance 
is respectfully requested. 

It is respectfully submitted that the application is now in 
condition for allowance, which allowance is respectfully 
requested. 
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